There are many ways in which computer hackers and scammers deceive potential victims. Many of these ways involve assuming an identity of a party the potential victim trusts. This may be an individual, such as a friend or a colleague, or it may be a brand, whether one that the potential victim has a relationship with or simply knows of as trustworthy.
A common technique used by computer hackers is to compromise an electronic message account, e.g., using phishing or malware that gains access to the account, and then search the mail folders of the victim for emails that indicate connections and content of potential value in the context of an attack. Upon finding interesting information, such as information indicating that a second party has a trust relationship with the user owning the compromised account, the hacker commonly uses the compromised account to send an email to a second party. This is done with the hope that the second party will be willing to respond in the intended manner to the email, given that it comes from a party he or she trusts.
Sometimes hackers also use compromised accounts to send messages to parties that do not have a trust relationship with the owners of the compromised accounts. This is to circumvent reputation-based filtering that filters emails that come from accounts without a positive reputation (e.g., newly created accounts) and accounts with a poor reputation (e.g., accounts that have been used extensively to send unwanted emails.)
A compromised account is commonly referred to as an account that has been taken over. The action of compromising is commonly referred to as an account take-over (ATO). Compromised accounts are also referred to as ATOed accounts. There is a need for ways to more effectively and efficiently detect and mitigate effects of ATOed accounts.